
Driver domain as security monitor in virtualization environment

Active Publication Date: 2014-04-22
TREND MICRO INC

AI Technical Summary

Benefits of technology

This patent describes a way to improve network security in a virtualization environment. The network service control (the network backend interfaces and the virtual switch or bridge) is moved out of the privileged domain into a separate driver domain that acts as a security monitor, so every packet exchanged between guests already passes through the monitor. This eliminates the need for an extra relay mechanism to copy packets to an inspection VM and lets the security functions be developed in one place. The architecture is simple and no inter-VM communication is needed to share packets, which improves performance.

Problems solved by technology

While malicious software certainly targets traditional computers running a single operating system, it can also target a computer running multiple operating systems.
In a virtualization environment, different operating systems may run on a single computer and these may be subject to unique types of malicious software.
Unfortunately, the nature of a virtualization environment allows for a new threat called an inter-VM attack, in which malicious software under one operating system attacks programs and data under another operating system executing on the same host computer.
Inter-VM attacks can be especially problematic in a public virtual cloud environment.
Traditional network security software, which is not designed for a virtualization environment, has difficulty detecting or containing malicious inter-VM traffic between the virtual machines.
An increasing share of data center network traffic now flows between virtual machines on the same host computer, yet administrators find it increasingly difficult to monitor that traffic or to apply inspection or filtering policies to it.
Scaling back virtualization would avoid the problem, but it defeats the economic benefits that virtualization offers.
Physical security products cannot see attacks that go from one virtual machine to another on the same host computer, because that traffic never reaches the physical network.
Sending all inter-VM traffic out to the network so that a physical appliance can inspect it is undesirable because it increases network latency.
Installing security software on each virtual machine consumes resources on every machine and requires the security software of each virtual machine to be managed separately.
Installing security software in the host system is possible, but the result might not be portable between diverse host systems.



Embodiment Construction

[0023] Referring again to FIG. 1, a virtualization platform 30, also known as a hypervisor, executes upon a computer processor such as an x86, x86-64, Itanium, PowerPC, ARM, or other processor. In one particular embodiment, the virtualization platform 30 is the Xen hypervisor distributed by Citrix Systems, Inc. Other suitable virtualization platforms that may benefit from the present invention are the ESXi and vSphere hypervisors from VMware, the Hyper-V Server hypervisor from Microsoft Corporation, and the KVM hypervisor that is part of the Linux kernel. While the below discussion uses the Xen hypervisor as an example, one of skill in the art will understand that the present invention is suitable for use with a variety of virtualization platforms.

[0024] The virtualization platform 30 runs directly on the hardware 20 and becomes the interface for all hardware requests such as CPU, I/O, and disk for the various operating systems executing upon it. By separating the guest operating syste...


Abstract

A virtualization platform includes a number of virtual machines, one of which is configured as a driver domain and includes the network service control for routing network traffic between the other virtual machines. The privileged domain does not include the network service control. The network service control includes network backend interfaces and a virtual switch or bridge. The driver domain includes a PCI driver for direct communication with a network interface card. The driver domain also includes hooking software and an inspection agent. Packets passing between the other virtual machines pass through the driver domain, are hooked, and are inspected by the inspection agent to determine whether they are malicious. Malicious packets are blocked. The driver domain may alternatively use a PCI driver of the privileged domain for access to the network interface card, so platforms with or without pass-through mode may be used.
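The path the abstract describes (network backend interface, hook, inspection agent, forward or block), written out as an added example in Python that is not code from the patent or from Trend Micro. It models the driver domain's bridge in user space: every frame a guest's network backend (vif) hands to the bridge is hooked, the inspection agent returns a verdict, and only forwarded frames are delivered to the destination guest. The vif table, MAC addresses, rule set and frames are constructed for the example; a real deployment would place the hook in the driver domain's kernel bridge or switch rather than in a Python loop. It goes one step beyond the abstract in keying the source guest on the ingress vif rather than on the frame's source MAC, because a guest can forge its MAC and a monitor that trusts the header would apply another guest's policy.

```python
import struct
from dataclasses import dataclass
from typing import Optional

ETH_P_IP = 0x0800

# Constructed vif table of the driver domain: backend interface -> (guest, guest MAC).
VIF_TABLE = {
    "vif1.0": ("vm1", "02:00:00:00:00:01"),
    "vif2.0": ("vm2", "02:00:00:00:00:02"),
    "vif3.0": ("vm3", "02:00:00:00:00:03"),
}

@dataclass
class Packet:
    src_mac: str
    dst_mac: str
    ethertype: int
    proto: Optional[int] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    payload: bytes = b""

def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame: bytes) -> Packet:
    """Parse Ethernet II, IPv4 and TCP/UDP headers; raise ValueError on malformed input."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    pkt = Packet(_mac(frame[6:12]), _mac(frame[:6]), struct.unpack("!H", frame[12:14])[0], payload=frame[14:])
    if pkt.ethertype != ETH_P_IP:
        return pkt                                 # ARP etc.: nothing above L2 to inspect
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("bad IPv4 header")
    ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("IPv4 length fields inconsistent")
    pkt.proto, l4 = ip[9], ip[ihl:total_len]
    pkt.payload = l4
    if pkt.proto == 6 and len(l4) >= 20:           # TCP: data offset is in header byte 12
        pkt.src_port, pkt.dst_port = struct.unpack("!HH", l4[:4])
        pkt.payload = l4[(l4[12] >> 4) * 4:]
    elif pkt.proto == 17 and len(l4) >= 8:         # UDP: fixed 8-byte header
        pkt.src_port, pkt.dst_port = struct.unpack("!HH", l4[:4])
        pkt.payload = l4[8:]
    return pkt

@dataclass
class Verdict:
    action: str    # "forward" or "drop"
    reason: str

class InspectionAgent:
    """Constructed rule set: a port policy for inter-VM flows plus payload signatures."""
    def __init__(self, blocked_inter_vm_ports, signatures):
        self.blocked_ports, self.signatures = set(blocked_inter_vm_ports), list(signatures)

    def inspect(self, pkt: Packet, src_vm: str, dst_vm: Optional[str]) -> Verdict:
        if dst_vm is not None and pkt.dst_port in self.blocked_ports:
            return Verdict("drop", f"{src_vm}->{dst_vm} port {pkt.dst_port} denied between guests")
        for sig in self.signatures:
            if sig in pkt.payload:
                return Verdict("drop", f"{src_vm} payload matched {sig!r}")
        return Verdict("forward", "clean")

class DriverDomainBridge:
    """Model of the driver domain's bridge with the hook placed in the forwarding path."""
    def __init__(self, vif_table, agent: InspectionAgent):
        self.vif_table, self.agent = dict(vif_table), agent
        self.mac_to_vm = {mac: vm for vm, mac in vif_table.values()}
        self.delivered = {vm: [] for vm, _ in vif_table.values()}

    def hook(self, ingress_vif: str, frame: bytes) -> Verdict:
        """Called for every frame a vif hands to the bridge; returns the verdict that was applied."""
        src_vm, vif_mac = self.vif_table[ingress_vif]
        try:
            pkt = parse_frame(frame)
        except ValueError as exc:
            return Verdict("drop", f"{src_vm} sent malformed frame ({exc})")
        # Attribute the frame to the ingress vif, not to the MAC the guest wrote: a guest
        # forging another guest's address must not inherit that guest's policy or identity.
        if pkt.src_mac != vif_mac:
            return Verdict("drop", f"{src_vm} spoofed source MAC {pkt.src_mac}")
        dst_vm = self.mac_to_vm.get(pkt.dst_mac)   # None: frame leaves the host via the NIC
        verdict = self.agent.inspect(pkt, src_vm, dst_vm)
        if verdict.action == "forward" and dst_vm is not None:
            self.delivered[dst_vm].append(pkt)
        return verdict

def build_tcp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Construct an Ethernet/IPv4/TCP frame for the demo (checksums left zero; the parser ignores them)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")), bytes(int(o) for o in dst_ip.split(".")))
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    return eth + struct.pack("!H", ETH_P_IP) + ip + tcp

def run_demo():
    """Push constructed frames through the bridge; return the verdict actions in order."""
    agent = InspectionAgent(blocked_inter_vm_ports={445}, signatures=[b"EVIL-SIG"])
    bridge = DriverDomainBridge(VIF_TABLE, agent)
    m1, m2, m3 = (VIF_TABLE[v][1] for v in ("vif1.0", "vif2.0", "vif3.0"))
    frames = [
        ("vif1.0", build_tcp_frame(m1, m2, "10.0.0.1", "10.0.0.2", 40000, 80, b"GET / HTTP/1.1\r\n")),
        ("vif1.0", build_tcp_frame(m1, m2, "10.0.0.1", "10.0.0.2", 40001, 445, b"\x00\x00\x00\x54")),
        ("vif2.0", build_tcp_frame(m2, m3, "10.0.0.2", "10.0.0.3", 40002, 8080, b"..EVIL-SIG..")),
        ("vif3.0", build_tcp_frame(m1, m2, "10.0.0.1", "10.0.0.2", 40003, 80, b"hi")),  # vm3 forges vm1's MAC
        ("vif1.0", b"\x00" * 10),                                                         # runt frame
    ]
    return [bridge.hook(vif, frame).action for vif, frame in frames]
```

Calling run_demo() pushes five constructed frames through the bridge: a clean HTTP request from vm1 to vm2 is forwarded, while an SMB connection between guests, a payload that matches a signature, a frame whose source MAC belongs to a different vif, and a runt frame are all dropped. The port and signature rules are placeholders for whatever the inspection agent actually implements; the point is that the decision is taken in the driver domain, on the forwarding path, before the packet reaches the destination backend.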

Description

FIELD OF THE INVENTION

[0001] The present invention relates generally to the detection of malicious software on a computer. More specifically, the present invention relates to detection of malicious software between virtual machines in a virtualization environment.

BACKGROUND OF THE INVENTION

[0002] While malicious software certainly targets traditional computers running a single operating system, it can also target a computer running multiple operating systems. In a virtualization environment, different operating systems may run on a single computer and these may be subject to unique types of malicious software.

[0003] FIG. 1 illustrates a prior art virtualization environment 10 that is subject to attacks by malicious software. Any suitable computer hardware 20 executes a virtualization platform 30 which is a layer of software running directly on the computer hardware and which replaces the traditional operating system. The platform 30 allows the computer hardware to execute multiple oper...


Application Information

IPC(8): G06F21/53, G06F21/00, G06F21/56, H04L29/06
CPC: G06F9/45558, G06F21/56, G06F9/455, G06F2009/45595, G06F21/53, G06F2009/45591, H04L63/1416, H04L63/0263
Inventors: LIANG, PO-CHENG; LIN, KUN-SHAN; CHU, CHIEN-TA
Owner TREND MICRO INC